You can set up the system so that users must use a password that's more than 8 characters long and has a mixture of uppercase letters, lowercase letters, numbers, and special characters; and that it be changed every three months, and when you change it, it can't be the same as any password you've had previously. That's not hard.

Not hard? Really? Because just thinking about that makes me want to shoryuken the nearest IT manager so hard that he goes back in time and changes his major to art history.

Besides, eight-character passwords are easily cracked, because they typically represent common password patterns. Real password protection comes from length and uncommon patterns. And, yes, a hacker might still crack a long and unusual password if he gets his hands on a list of encrypted hashes, but even that can be guarded against with honeypots.
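To make the point about patterns concrete, here is an added example (not part of the original article) that checks passwords against the composition policy quoted at the top and compares the size of the space each one's character-class pattern spans. The sample passwords, the class sizes (printable ASCII) and the function names are all assumptions made for this illustration.

```python
import math
import string

# Sizes of each character class within printable ASCII (95 symbols total).
# Assumption: input is ASCII; anything that is not a letter or digit counts as "s".
CLASS_SIZE = {"u": 26, "l": 26, "d": 10, "s": 33}


def char_class(ch):
    if ch in string.ascii_uppercase:
        return "u"
    if ch in string.ascii_lowercase:
        return "l"
    if ch in string.digits:
        return "d"
    return "s"  # punctuation and space


def mask(password):
    """Character-class pattern, e.g. 'Summer2013!' -> 'ullllldddds'."""
    return "".join(char_class(c) for c in password)


def meets_composition_policy(password):
    """The quoted policy: more than 8 characters, all four classes present."""
    m = mask(password)
    return len(password) > 8 and all(c in m for c in "ulds")


def mask_bits(password):
    """log2 of the number of strings sharing this password's pattern.

    This is an upper bound on guessing effort: dictionary words and years
    inside the pattern make the real figure lower.
    """
    return sum(math.log2(CLASS_SIZE[c]) for c in mask(password))


def report(passwords):
    return [(pw, meets_composition_policy(pw), mask(pw), round(mask_bits(pw), 1))
            for pw in passwords]


# Constructed sample passwords, for illustration only.
SAMPLES = ["Passw0rd!", "Summer2013!", "correct horse battery staple"]

if __name__ == "__main__":
    for pw, ok, m, bits in report(SAMPLES):
        print(f"{pw!r:32} policy={'pass' if ok else 'FAIL':4} bits<={bits:6} mask={m}")
```

The two short passwords pass the policy while spanning a pattern space of under 50 bits; the long lowercase phrase fails the policy although its pattern space is more than 80 bits larger.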

But, as password naysayers whine, who wants to memorize a long password? So they are dead, right?

Biometrics have become hot in security circles. But a closer look shows that they simply don't compare to passwords. One reason is flexibility. Password choices are limited only by the imagination, but a person has only so many biometric markers. Dave Aitel, CEO of the penetration testing firm Immunity Inc., wrote in a USA Today article, "It's silly to only have 10 possible passwords your whole life (20, if you count toes)."

Worse, biometrics are generally neither temporary nor secret. Unlike a password, biometrics are easily observable (and therefore replicable) by others, and there's far less you can do about it if one gets compromised. "Today, if your Twitter account gets hacked, you just change the password -- but if you are using a biometric, you will be stuck with that hacked password for the rest of your life," Aitel wrote. "We need to keep that in mind before we start using biometrics to authenticate universal sign-ins and financial transactions."

Perhaps the best indicator that passwords are still one's best security bet is the arrest of Ross William Ulbricht (a.k.a. Dread Pirate Roberts), the alleged Silk Road drug broker. Before arresting Ulbricht, FBI agents followed him -- to the San Francisco Public Library. What were they waiting for? They wanted Ulbricht to open his laptop and enter his passwords. Only after Ulbricht had done that did they swoop in to arrest him and seize his (now conveniently decrypted) laptop for evidence.

Had Ulbricht used a fingerprint scanner or other biometric-based security, law enforcement agents could easily have used his biometric markers to access the machine. Such markers are neither secret nor protected by the Constitution. However, compelling suspects to fork over a password is not always so easy. The US government has repeatedly had to go to court to compel a defendant to reveal a computer password, and it has not always succeeded. This is because a suspect's fingerprints and certain other biometric indicators are physical evidence, so they are not protected by the Fifth Amendment privilege against self-incrimination -- unlike, sometimes, the humble password.

The poor password isn't perfect, and two-factor identification combining a password with a hard token may be better (though a man-in-the-middle phishing attack can defeat that modus operandi). Still, if the full force and might of the US federal government can't always decrypt a perp's password-protected hard drive, declaring the death of the password is not just premature, but downright irresponsible.

While biometrics have their place, I doubt passwords are ever really going to go away. As for remembering them, the one I remember the easiest was a 12 character random thing given to me for a specific program. After having to type that thing 20 times in the first two days I remembered it for months after I stopped working on the program.

@Xrecrf456 I think you are right. I also agree that the password is not the only viable option available for security. There are other options that are available right now and many will be available as time progresses and technology develops. I am of the opinion that we need to implement the best possible options at our disposal to keep the hackers guessing and making them feel disturbed. Biometrics, passwords and RFIDs can be utilized together.

@Waleed I agree there. I think using biometrics can be an option worth using but using passwords or biometrics individually will not serve the purpose. I think if utilized in layers they can be the most effective option. What do you say?

@LuFu, well this is naïve and impracticable in the true sense of the word. Mutually assured destruction is a very good and effective idea to prevent opponents from making moves against each other but then there must be some doable mechanism as well. Assigning the same password to everyone will not reduce hacking. Instead it will prompt people to go offline with their important data, which is like going in reverse in time.

Far from being dead, the password is the most reliable and most secure security measure because of all that is said in the article. It is rightly being said that if the Federal Government with all its might can't hack into a suspect's password-protected hard drive, it must be really difficult. While passwords are still hackable and complex long passwords are difficult to remember, these are the only secure choice we have.

@Hayder I couldn't agree more. With passwords you have this sense of ownership. It's a wordphrase that you've memorized and only you know. And am I the only one who thinks that biometrics will increase crime rate?

Yes I agree with Nomi because there are many options available for security. It does not necessarily state that just because passwords are there your systems are secured; since the technology is so developed, there can be plenty of ways to hack your information. What matters at the end is a strong security system to protect your data which should be implemented by humans.
